In the spirit of trust, transparency and open source collaboration I am publishing the setup, scripts and configuration details on github:

Infrastructure and setup

Your queries arrive at one of the 3 rust-based encrypted-dns-server instances. All instances share a no log setup and default cache settings for 100k entries. The only differ in blocklists applied:

  • is has 0 blocklists
  • is has 6 sources of blocklists

They share the same whitelist and unbound configuration:

If your query is not satisfied by the cache at this level it is forwarded to a locally running a DNSSEC-enabled unbound instance which has its own cache and if the query is not satisfied, it is being resolved from the root name servers. No forwarding upstream.

All encrypted-dns-server instances produce metrics which are being pulled from a prometheus instance and grafana server is pulling from prometheues.

The manual blocks include such stuff as: